FAQ

Why should I use passwords from you?
The passwords aren't really from us. We supply a web page to your browser (Internet Explorer, Firefox, Chrome etc.), and that page contains code that creates random passwords. The passwords are not predictable, and neither we nor anyone else has a practical method of calculating them. The reason to use the passwords from the printed sheet is that it gives you a way to use difficult-to-guess passwords for many web sites and still be able to remember them, without using the same password across multiple sites.

Why don't you let me make up things I can remember?
Unfortunately, things that are memorable for you are often memorable for other people, so many people end up using the same strings of characters as passwords. An intruder can try a file of the 1000 or so most common passwords against a set of accounts and succeed in getting access to a significant number of them. Sequences of incrementing characters, names and declarations of love are all very commonly used as passwords. They are common elements of people's lives and as such are easy to guess. For example, for a consumer service, the strings 12345[6[7[8]]], 'password', 'iloveyou', 'princess', 'rockyou' and 'abc123' were found to make up over 1% of a large set of account passwords that intruders made public. If a system allows 5 guesses, then any brute force attempt to guess a password with only the ten most common passwords will be successful with the first attempt for 1 account in every 200 accounts. The intruder may make many attempts and attack thousands of accounts, so passwords that are very much more difficult to guess, nonsensical and unfortunately unmemorable, need to be used if password-based security systems are to offer any resistance to intrusion.

What is the date field for?
The date field lets you track when you set this password at the site. Old passwords should be occasionally replaced (say, after 90 days) to limit the damage from people having logged your keyboard activity or having had access to your sheet of passwords. Others should never have access to your password sheet.

How do I know that your code does what you say?
Anybody can read our source code within the page and verify what we are doing. You can see the source code by using the View Source option of your browser. While not everybody can read source code, the fact that it is available to others who would point out an issue offers a level of comfort.

What symbols are used by the sheet?
There are four groups of rows in the sheet. The first uses no symbols. This is actually more secure, as the range of digits together with upper and lower case characters gives the intruder a wider range to guess from than the limited range of symbols alone. However, many sites require symbols, and unfortunately they each support different limited ranges of symbols. To support this we provide three further groups of rows which use, in turn, the sets of symbols "*()=+[]", "!"#$%@&" and "-_.{}~^". The second provides better support for DB2 (a database) and the third set provides better support for WebSphere (a programming environment). If a password with a symbol is not valid for your site, move to the next unused password until you find one which fits your site's password rules. If a password is rejected, mark it as used, because it has been disclosed to a site.
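The following is an added example, not the code served by passwordsheet.com: one way a page could build the four groups of rows described above from the browser's cryptographic random source. The password length, the number of rows per group, the rule that a symbol-group password is redrawn until it contains at least one symbol, and all function names are assumptions made for this illustration.

```javascript
// Added illustration; not the site's own code. Length, row count and the
// "at least one symbol" rule are assumptions.
// Browser: globalThis.crypto. Older Node.js: fall back to the webcrypto module.
const rng = globalThis.crypto || require("node:crypto").webcrypto;

const ALNUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
// "" is the first, symbol-free group; the rest are the FAQ's three symbol sets.
const SYMBOL_SETS = ["", "*()=+[]", '!"#$%@&', "-_.{}~^"];

// Uniform integer in [0, n) for n <= 256. Bytes at or above the largest
// multiple of n are discarded, so "byte % n" does not favour the start of
// the alphabet (modulo bias).
function randomIndex(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

function makePassword(symbols, length = 10) {
  const alphabet = ALNUM + symbols;
  for (;;) {
    let pw = "";
    for (let i = 0; i < length; i++) pw += alphabet[randomIndex(alphabet.length)];
    // Symbol groups: redraw until the password contains a symbol, so it can
    // satisfy a site rule that demands one.
    if (symbols === "" || [...pw].some((c) => symbols.includes(c))) return pw;
  }
}

function makeSheet(rowsPerGroup = 5, length = 10) {
  return SYMBOL_SETS.map((symbols) => ({
    symbols,
    rows: Array.from({ length: rowsPerGroup }, () => makePassword(symbols, length)),
  }));
}

// Print the sheet, with a blank date field beside each password.
for (const group of makeSheet()) {
  console.log(group.symbols === "" ? "(no symbols)" : group.symbols);
  for (const pw of group.rows) console.log("  " + pw + "   date: ________");
}
```

Nothing is sent over the network: every password is produced inside the page by getRandomValues, which is why the site operator cannot recompute it.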

Should I use your sheet for my bank password?
Certainly, as it avoids you using a memorable but guessable password which still fits your bank's password rules. The weakness of using the password sheet is the need for physical security of the paper sheet. If possible it is more secure to remember a truly random bank password, and if you are able to remember your most secure passwords then that is even better than using a paper sheet. The problem is that truly random passwords are extremely difficult to remember, hence the use of passwordsheet.com. You do not want to use the same password across multiple sites, and you should absolutely not use a bank password on a non-bank site.

The challenge is to use a password which is memorable but which doesn't use names, keyboard patterns or dictionary words. You could use this website to generate your bank password on the screen without keeping a printed record, but you need to put a good deal of effort into memorizing a nonsensical and therefore secure password. As a result, depending on your memory and your bank's password rules, it may be more practical for you to use the printed sheet for your bank password, but if you are able to remember the password that would be even better. If you do use the sheet for your bank password you may want to keep a second, separate sheet that does not leave your home. Be aware that burglars may look for password sheets, particularly if you have a safe or use combination locks. Disgruntled partners are also likely to look for a password sheet if there is bank information involved.

If you have other questions please contact me at office AT brunettemail.com

